Documentation ¶
Index ¶
- Constants
- func Contains(a []string, x string) bool
- func UserContext(ctx context.Context, user *gocloak.UserInfo) context.Context
- func UserFromContext(ctx context.Context) (*gocloak.UserInfo, bool)
- type APICustomError
- type Authenticate
- type AuthenticationHandler
- type Authenticator
- type Authorization
- type Claims
- type DirectGrant
- func (auth *DirectGrant) CheckScope(next http.Handler) http.Handler
- func (auth *DirectGrant) CheckToken(next http.Handler) http.Handler
- func (auth *DirectGrant) CheckTokenCustomHeader(next http.Handler) http.Handler
- func (auth *DirectGrant) DecodeAndValidateToken(next http.Handler) http.Handler
- func (auth *DirectGrant) Enforcer(requestConfig *EnforcerConfig) func(next http.Handler) http.Handler
- func (auth *DirectGrant) Protect(next http.Handler) http.Handler
- type EnforcerConfig
- type EnforcerConfigPermission
- type JWT
- type Permission
- type PermissionClaim
- type Refresh
- type RequestModeEnum
Constants ¶
const (
// KeyRealm is used as realm key constant
KeyRealm = "realm"
)
Variables ¶
This section is empty.
Functions ¶
func UserFromContext ¶
Types ¶
type APICustomError ¶
type APICustomError struct {
	// Code is encoded under the JSON key "code"; the package documentation
	// describes it as the status code.
	Code int `json:"code"`
	// Message is the error text, encoded as "message".
	Message string `json:"message"`
	// Result is encoded as "result". None of the three fields uses omitempty,
	// so all of them are always present in the marshalled body.
	// NOTE(review): if this body is returned to API clients, confirm that
	// callers do not copy raw identity-provider error detail into Message or
	// Result.
	Result string `json:"result"`
}
APICustomError holds message and statusCode for api errors
func (APICustomError) Error ¶
func (apiError APICustomError) Error() string
Error returns the APICustomError as a string.
type Authenticate ¶
// Authenticate is the credential bundle passed to AuthenticationHandler.
//
// ClientSecret and Password are secrets and carry ordinary JSON tags, so
// json.Marshal on this struct writes both in clear text. Keep marshalled
// values of this type out of logs, traces and error messages.
type Authenticate struct {
	ClientID     string `json:"clientID"`
	ClientSecret string `json:"clientSecret"`
	// Realm and Scope are left out of the JSON encoding when empty.
	Realm string `json:"realm,omitempty"`
	Scope string `json:"scope,omitempty"`
	// UserName and Password are pointers; with omitempty a nil pointer is
	// omitted, so a request without user credentials carries neither key.
	UserName *string `json:"username,omitempty"`
	Password *string `json:"password,omitempty"`
}
Authenticate holds authentication information
type AuthenticationHandler ¶
type AuthenticationHandler interface {
	// AuthenticateClient takes an Authenticate value and returns a *JWT or
	// an error.
	// NOTE(review): presumably a client login that uses only
	// ClientID/ClientSecret — confirm against the implementation.
	AuthenticateClient(Authenticate) (*JWT, error)
	// AuthenticateUser takes an Authenticate value and returns a *JWT or an
	// error.
	// NOTE(review): presumably also requires UserName and Password, which
	// are nil-able pointers — confirm how nil is handled.
	AuthenticateUser(Authenticate) (*JWT, error)
	// RefreshToken takes a Refresh value and returns a *JWT or an error.
	RefreshToken(Refresh) (*JWT, error)
}
AuthenticationHandler is used to authenticate with the api
func NewAuthenticationHandler ¶
func NewAuthenticationHandler(ctx context.Context, gocloakClient *gocloak.GoCloak, realm *string) AuthenticationHandler
NewAuthenticationHandler instantiates a new AuthenticationHandler. Setting realm is optional.
type Authenticator ¶
// Every method of Authenticator has the middleware shape: it takes the next
// http.Handler and returns a wrapping http.Handler (Enforcer returns a
// function of that shape).
//
// NOTE(review): this listing does not say which methods validate the token
// locally and which ask the identity provider; confirm before relying on
// any one of them to reject revoked tokens.
type Authenticator interface {
	// DecodeAndValidateToken decodes the token and checks if it is valid.
	DecodeAndValidateToken(next http.Handler) http.Handler
	CheckToken(next http.Handler) http.Handler
	// The following 2 methods (CheckTokenCustomHeader and CheckScope) need
	// higher permissions of the client in the realm.
	CheckTokenCustomHeader(next http.Handler) http.Handler
	CheckScope(next http.Handler) http.Handler
	Protect(next http.Handler) http.Handler
	// Enforcer takes an *EnforcerConfig and returns a middleware constructor.
	Enforcer(requestData *EnforcerConfig) func(next http.Handler) http.Handler
}
Authenticator is used to validate the JWT
func NewDirectGrant ¶
func NewDirectGrant(ctx context.Context, gocloak *gocloak.GoCloak, realm, clientID, clientSecret, allowedScope string, customHeaderName *string) Authenticator
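NewDirectGrant instantiates a new Authenticator that uses the Keycloak Direct Grant, also known as the Resource Owner Password Credentials flow.
See https://www.keycloak.org/docs/latest/securing_apps/index.html#_resource_owner_password_credentials_flow and https://tools.ietf.org/html/rfc6749#section-4.3 for more information about this flow. In this flow the client application handles the user's password directly; the OAuth 2.0 Security Best Current Practice (RFC 9700) states that this grant must not be used, so prefer an authorization-code based flow wherever the deployment allows it.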
type Authorization ¶
// Authorization wraps the list of permissions; Claims embeds it under the
// JSON key "authorization".
type Authorization struct {
	// Permissions is left out of the JSON encoding when the slice is empty.
	Permissions []Permission `json:"permissions,omitempty"`
}
type Claims ¶
// Claims lists the token claims this package decodes, keyed by the JSON
// names in the field tags.
//
// NOTE(review): no exp, iss, aud or sub field appears in this listing;
// confirm that the registered claims are checked elsewhere before any value
// below is used for an access decision.
type Claims struct {
	Typ          string `json:"typ,omitempty"`
	Azp          string `json:"azp,omitempty"`
	AuthTime     int    `json:"auth_time,omitempty"`
	SessionState string `json:"session_state,omitempty"`
	Acr          string `json:"acr,omitempty"`

	// Role and scope data. RealmAccess and ResourceAccess use types from
	// the jwx package, which is not shown on this page.
	AllowedOrigins []string           `json:"allowed-origins,omitempty"`
	RealmAccess    jwx.RealmAccess    `json:"realm_access,omitempty"`
	ResourceAccess jwx.ResourceAccess `json:"resource_access,omitempty"`
	Scope          string             `json:"scope,omitempty"`

	// Profile data. These fields are personal data; avoid logging a decoded
	// Claims value wholesale.
	EmailVerified     bool        `json:"email_verified,omitempty"`
	Address           jwx.Address `json:"address,omitempty"`
	Name              string      `json:"name,omitempty"`
	PreferredUsername string      `json:"preferred_username,omitempty"`
	GivenName         string      `json:"given_name,omitempty"`
	FamilyName        string      `json:"family_name,omitempty"`
	Email             string      `json:"email,omitempty"`

	// Client data. ClientIP is decoded from the key "clientAddress", not
	// "clientIP".
	// NOTE(review): presumably these are values asserted inside the token,
	// not the peer address observed on the connection — confirm before
	// using them for IP-based checks.
	ClientID   string `json:"clientId,omitempty"`
	ClientHost string `json:"clientHost,omitempty"`
	ClientIP   string `json:"clientAddress,omitempty"`

	// Authorization is a struct value; encoding/json's omitempty does not
	// omit struct values, so the key is always written when marshalling.
	Authorization Authorization `json:"authorization,omitempty"`
}
type DirectGrant ¶
type DirectGrant struct {
// contains filtered or unexported fields
}
func (*DirectGrant) CheckScope ¶
func (auth *DirectGrant) CheckScope(next http.Handler) http.Handler
func (*DirectGrant) CheckToken ¶
func (auth *DirectGrant) CheckToken(next http.Handler) http.Handler
CheckToken is used to verify authorization tokens.
func (*DirectGrant) CheckTokenCustomHeader ¶
func (auth *DirectGrant) CheckTokenCustomHeader(next http.Handler) http.Handler
CheckTokenCustomHeader is used to verify authorization tokens.
func (*DirectGrant) DecodeAndValidateToken ¶
func (auth *DirectGrant) DecodeAndValidateToken(next http.Handler) http.Handler
func (*DirectGrant) Enforcer ¶
func (auth *DirectGrant) Enforcer(requestConfig *EnforcerConfig) func(next http.Handler) http.Handler
type EnforcerConfig ¶
// EnforcerConfig is the argument of DirectGrant.Enforcer. It has no JSON
// tags. The meaning of the individual fields is not documented on this page.
type EnforcerConfig struct {
	Audience    string
	Postfix     string
	Prefix      string
	Permissions []EnforcerConfigPermission
	// ResponseMode is a pointer, so it can be nil; note that the field is
	// named "ResponseMode" while its type is RequestModeEnum.
	// NOTE(review): confirm what the enforcer does when this is nil.
	ResponseMode *RequestModeEnum
}
type JWT ¶
// JWT is the token response returned by AuthenticationHandler.
//
// AccessToken and RefreshToken are credentials and are always written by
// json.Marshal (no field uses omitempty). Do not log this struct or return
// it to a party other than the one that authenticated.
//
// NOTE(review): ExpiresIn and RefreshExpiresIn are plain ints; presumably
// lifetimes in seconds — confirm.
type JWT struct {
	AccessToken      string `json:"accessToken"`
	ExpiresIn        int    `json:"expiresIn"`
	RefreshExpiresIn int    `json:"refreshExpiresIn"`
	RefreshToken     string `json:"refreshToken"`
	TokenType        string `json:"tokenType"`
	NotBeforePolicy  int    `json:"notBeforePolicy"`
	SessionState     string `json:"sessionState"`
	Scope            string `json:"scope"`
}
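JWT holds a token response: the access token and refresh token together with their expiry values, the token type, the not-before policy, the session state and the scope.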
type Permission ¶
type PermissionClaim ¶
type PermissionClaim struct {
	// Id is the only exported field shown in this listing.
	Id string
	// contains filtered or unexported fields
}
type Refresh ¶
// Refresh is the argument of AuthenticationHandler.RefreshToken.
//
// ClientSecret and RefreshToken are credentials and json.Marshal writes
// them in clear text; keep marshalled values of this type out of logs.
type Refresh struct {
	ClientID     string `json:"clientID"`
	ClientSecret string `json:"clientSecret"`
	// Realm and RefreshToken are left out of the JSON encoding when empty.
	Realm        string `json:"realm,omitempty"`
	RefreshToken string `json:"refreshToken,omitempty"`
}
Refresh is used to refresh the JWT
type RequestModeEnum ¶
// RequestModeEnum is a string type; EnforcerConfig.ResponseMode points to
// one of its values.
type RequestModeEnum string

const (
	// PermissionRequestMode is the string "permission".
	// NOTE(review): Keycloak's authorization services document the
	// response_mode values as "decision" and "permissions" (plural); confirm
	// how this constant is sent to the server.
	PermissionRequestMode RequestModeEnum = "permission"
	// DecisionRequestMode is the string "decision".
	DecisionRequestMode RequestModeEnum = "decision"
)